1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
/*
* Copyright (C) 2008 Martin Willi
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup builder builder
* @{ @ingroup credentials
*/
#ifndef BUILDER_H_
#define BUILDER_H_
#include <stdarg.h>
typedef enum builder_part_t builder_part_t;
/**
* Constructor function to build credentials.
*
* Any added parts are cloned/refcounted by the builder implementation.
* Callers may need to free the passed resources themselves.
*
* @param subtype constructor specific subtype, e.g. a certificate_type_t
* @param args list of builder part types, followed by parts, BUILD_END
* @return builder specific credential, NULL on error
*/
typedef void* (*builder_function_t)(int subtype, va_list args);
#include <library.h>
/**
* Parts to build credentials from.
*/
enum builder_part_t {
/** path to a file encoded in any format, char* */
BUILD_FROM_FILE,
/** unix socket of a ssh/pgp agent, char* */
BUILD_AGENT_SOCKET,
/** An arbitrary blob of data, chunk_t */
BUILD_BLOB,
/** DER encoded ASN.1 blob, chunk_t */
BUILD_BLOB_ASN1_DER,
/** PEM encoded ASN.1/PGP blob, chunk_t */
BUILD_BLOB_PEM,
/** OpenPGP key blob, chunk_t */
BUILD_BLOB_PGP,
/** DNS public key blob (RFC 4034, RSA specific RFC 3110), chunk_t */
BUILD_BLOB_DNSKEY,
/** SSH public key blob (RFC 4253), chunk_t */
BUILD_BLOB_SSHKEY,
/** parameters from algorithmIdentifier (ASN.1 blob), chunk_t */
BUILD_BLOB_ALGID_PARAMS,
/** key size in bits, as used for key generation, u_int */
BUILD_KEY_SIZE,
/** private key to use for signing, private_key_t* */
BUILD_SIGNING_KEY,
/** certificate used for signing, certificate_t* */
BUILD_SIGNING_CERT,
/** public key to include, public_key_t* */
BUILD_PUBLIC_KEY,
/** subject for e.g. certificates, identification_t* */
BUILD_SUBJECT,
/** additional subject names, linked_list_t* containing identification_t* */
BUILD_SUBJECT_ALTNAMES,
/** issuer for e.g. certificates, identification_t* */
BUILD_ISSUER,
/** additional issuer names, linked_list_t* containing identification_t* */
BUILD_ISSUER_ALTNAMES,
/** notBefore, time_t* */
BUILD_NOT_BEFORE_TIME,
/** notAfter, time_t* */
BUILD_NOT_AFTER_TIME,
/** a serial number in binary form, chunk_t */
BUILD_SERIAL,
/** signature scheme and parameters for signature, signature_params_t* */
BUILD_SIGNATURE_SCHEME,
/** digest algorithm to be used for signature, hash_algorithm_t */
BUILD_DIGEST_ALG,
/** encryption algorithm to use, encryption_algorithm_t */
BUILD_ENCRYPTION_ALG,
/** list of AC group memberships, linked_list_t* with char* */
BUILD_AC_GROUP_STRINGS,
/** a ca certificate, certificate_t* */
BUILD_CA_CERT,
/** a certificate, certificate_t* */
BUILD_CERT,
/** CRL distribution point URIs, x509_cdp_t* */
BUILD_CRL_DISTRIBUTION_POINTS,
/** OCSP AuthorityInfoAccess locations, linked_list_t* containing char* */
BUILD_OCSP_ACCESS_LOCATIONS,
/** certificate path length constraint */
BUILD_PATHLEN,
/** RFC3779 addressBlock, linked_list_t* of traffic_selector_t* */
BUILD_ADDRBLOCKS,
/** permitted X509 name constraints, linked_list_t* of identification_t* */
BUILD_PERMITTED_NAME_CONSTRAINTS,
/** excluded X509 name constraints, linked_list_t* of identification_t* */
BUILD_EXCLUDED_NAME_CONSTRAINTS,
/** certificatePolicy OIDs, linked_list_t* of x509_cert_policy_t* */
BUILD_CERTIFICATE_POLICIES,
/** policyMapping OIDs, linked_list_t* of x509_policy_mapping_t* */
BUILD_POLICY_MAPPINGS,
/** requireExplicitPolicy constraint, int */
BUILD_POLICY_REQUIRE_EXPLICIT,
/** inhibitPolicyMapping constraint, int */
BUILD_POLICY_INHIBIT_MAPPING,
/** inhibitAnyPolicy constraint, int */
BUILD_POLICY_INHIBIT_ANY,
/** enforce an additional X509 flag, x509_flag_t */
BUILD_X509_FLAG,
/** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */
BUILD_REVOKED_ENUMERATOR,
/** Base CRL serial for a delta CRL, chunk_t, */
BUILD_BASE_CRL,
/** PKCS#10 challenge password */
BUILD_CHALLENGE_PWD,
/** PKCS#7 attribute, int oid, chunk_t with ASN1 type encoded value */
BUILD_PKCS7_ATTRIBUTE,
/** friendly name of a PKCS#11 module, null terminated char* */
BUILD_PKCS11_MODULE,
/** slot specifier for a token in a PKCS#11 module, int */
BUILD_PKCS11_SLOT,
/** key ID of a key on a token, chunk_t */
BUILD_PKCS11_KEYID,
/** modulus (n) of a RSA key, chunk_t */
BUILD_RSA_MODULUS,
/** public exponent (e) of a RSA key, chunk_t */
BUILD_RSA_PUB_EXP,
/** private exponent (d) of a RSA key, chunk_t */
BUILD_RSA_PRIV_EXP,
/** prime 1 (p) of a RSA key (p < q), chunk_t */
BUILD_RSA_PRIME1,
/** prime 2 (q) of a RSA key (p < q), chunk_t */
BUILD_RSA_PRIME2,
/** exponent 1 (exp1) of a RSA key, chunk_t */
BUILD_RSA_EXP1,
/** exponent 2 (exp1) of a RSA key, chunk_t */
BUILD_RSA_EXP2,
/** coefficient (coeff) of a RSA key, chunk_t */
BUILD_RSA_COEFF,
/** generate (p) and (q) as safe primes */
BUILD_SAFE_PRIMES,
/** number of private key shares */
BUILD_SHARES,
/** minimum number of participating private key shares */
BUILD_THRESHOLD,
/** DER encoded ASN.1 EdDSA private key */
BUILD_EDDSA_PRIV_ASN1_DER,
/** end of variable argument builder list */
BUILD_END,
};
/**
* enum names for build_part_t
*/
extern enum_name_t *builder_part_names;
#endif /** BUILDER_H_ @}*/
|